[openssl-commits] [openssl] OpenSSL_1_0_2-stable update

[Rich Salz]

The branch OpenSSL_1_0_2-stable has been updated
   via  6180c0ff0c34b4029bd9d1bec519c8cbc6be4808 (commit)
  from  32cc4c2627e8f582d906b03abf763f682c7f96dd (commit)


- Log -
commit 6180c0ff0c34b4029bd9d1bec519c8cbc6be4808
Author: Marcus Meissner 
Date:   Tue Sep 6 11:01:21 2016 +0200

initialize the RSA struct to 0.

This helps with program code linked against static builds accessing a 
uninitialized ->engine pointer.

CLA: none; trivial

Reviewed-by: Tim Hudson 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1540)

---

Summary of changes:
 crypto/rsa/rsa_lib.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index a6805de..6ea6b40 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -143,6 +143,7 @@ RSA *RSA_new_method(ENGINE *engine)
 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
 return NULL;
 }
+memset(ret,0,sizeof(RSA));
 
 ret->meth = RSA_get_default_method();
 #ifndef OPENSSL_NO_ENGINE
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: openssl/openssl#6078 (master - 28aef3d)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6078
Status: Fixed

Duration: 31 minutes and 9 seconds
Commit: 28aef3d (master)
Author: FdaSilvaYY
Message: Remove an option related to a deprecated flag

CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE  are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1585)

View the changeset: 
https://github.com/openssl/openssl/compare/9205ebeb8e44...28aef3d9558d

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/161208157

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  3fd181a8b5b85a1f7383e82438da494a08f7d843 (commit)
  from  90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 (commit)


- Log -
commit 3fd181a8b5b85a1f7383e82438da494a08f7d843
Author: FdaSilvaYY 
Date:   Sat Sep 17 21:29:48 2016 +0200

Remove an option related to a deprecated flag

CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE  are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1585)
(cherry picked from commit 28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3)

---

Summary of changes:
 apps/cms.c   | 6 +-
 apps/smime.c | 6 +-
 2 files changed, 2 insertions(+), 10 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index ad292f5..133dc02 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -72,7 +72,7 @@ typedef enum OPTION_choice {
 OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
 OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
 OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
-OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
 OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
 OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
 OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
@@ -131,7 +131,6 @@ OPTIONS cms_options[] = {
 {"stream", OPT_INDEF, '-', "Enable CMS streaming"},
 {"indef", OPT_INDEF, '-', "Same as -stream"},
 {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
-{"nooldmime", OPT_NOOLDMIME, '-'},
 {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR 
only" },
 {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the 
parsed CMS structure"},
 {"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
@@ -347,9 +346,6 @@ int cms_main(int argc, char **argv)
 case OPT_NOINDEF:
 flags &= ~CMS_STREAM;
 break;
-case OPT_NOOLDMIME:
-flags |= CMS_NOOLDMIMETYPE;
-break;
 case OPT_CRLFEOL:
 mime_eol = "\r\n";
 flags |= CMS_CRLFEOL;
diff --git a/apps/smime.c b/apps/smime.c
index 082109b..1f4091f 100644
--- a/apps/smime.c
+++ b/apps/smime.c
@@ -37,7 +37,7 @@ typedef enum OPTION_choice {
 OPT_PK7OUT, OPT_TEXT, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCHAIN,
 OPT_NOCERTS, OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP,
 OPT_BINARY, OPT_NOSIGS, OPT_STREAM, OPT_INDEF, OPT_NOINDEF,
-OPT_NOOLDMIME, OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
+OPT_CRLFEOL, OPT_RAND, OPT_ENGINE, OPT_PASSIN,
 OPT_TO, OPT_FROM, OPT_SUBJECT, OPT_SIGNER, OPT_RECIP, OPT_MD,
 OPT_CIPHER, OPT_INKEY, OPT_KEYFORM, OPT_CERTFILE, OPT_CAFILE,
 OPT_V_ENUM,
@@ -95,7 +95,6 @@ OPTIONS smime_options[] = {
 {"stream", OPT_STREAM, '-', "Enable CMS streaming" },
 {"indef", OPT_INDEF, '-', "Same as -stream" },
 {"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
-{"nooldmime", OPT_NOOLDMIME, '-', NULL},
 {"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR 
only"},
 {"rand", OPT_RAND, 's',
  "Load the file(s) into the random number generator"},
@@ -221,9 +220,6 @@ int smime_main(int argc, char **argv)
 case OPT_NOINDEF:
 indef = 0;
 break;
-case OPT_NOOLDMIME:
-flags |= PKCS7_NOOLDMIMETYPE;
-break;
 case OPT_CRLFEOL:
 flags |= PKCS7_CRLFEOL;
 mime_eol = "\r\n";
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

[Rich Salz]

The branch OpenSSL_1_1_0-stable has been updated
   via  90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230 (commit)
  from  57106f55a5de6186af4ff78484d99528a6935be4 (commit)


- Log -
commit 90edd7ad0fb0d8b1eb5bb6d587a6359f17a39230
Author: FdaSilvaYY 
Date:   Sun Jul 31 19:02:50 2016 +0200

Fix various missing option help messages ...

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1585)
(cherry picked from commit 12d56b2992ebd61e1b30c99ca1898dde42345cf7)

---

Summary of changes:
 apps/cms.c| 19 ++-
 apps/crl.c|  2 +-
 apps/gendsa.c |  2 +-
 apps/ocsp.c   |  6 --
 apps/pkcs7.c  |  2 +-
 apps/pkcs8.c  |  2 +-
 apps/smime.c  | 17 +
 apps/spkac.c  |  3 ++-
 apps/ts.c |  2 +-
 apps/x509.c   | 16 
 10 files changed, 38 insertions(+), 33 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index b9eec24..ad292f5 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -99,7 +99,7 @@ OPTIONS cms_options[] = {
 {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
 {"sign", OPT_SIGN, '-', "Sign message"},
 {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the 
message"},
-{"resign", OPT_RESIGN, '-'},
+{"resign", OPT_RESIGN, '-', "Resign a signed message"},
 {"verify", OPT_VERIFY, '-', "Verify signed message"},
 {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
 {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -122,22 +122,22 @@ OPTIONS cms_options[] = {
  "Don't include signers certificate when signing"},
 {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
 {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
-{"nosmimecap", OPT_NOSMIMECAP, '-'},
+{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities 
attribute"},
 {"binary", OPT_BINARY, '-', "Don't translate message to text"},
 {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
 {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
 {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
 {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
-{"stream", OPT_INDEF, '-'},
-{"indef", OPT_INDEF, '-'},
-{"noindef", OPT_NOINDEF, '-'},
+{"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+{"indef", OPT_INDEF, '-', "Same as -stream"},
+{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
 {"nooldmime", OPT_NOOLDMIME, '-'},
-{"crlfeol", OPT_CRLFEOL, '-'},
+{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR 
only" },
 {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the 
parsed CMS structure"},
-{"receipt_request_print", OPT_RR_PRINT, '-'},
+{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
 {"receipt_request_all", OPT_RR_ALL, '-'},
 {"receipt_request_first", OPT_RR_FIRST, '-'},
-{"rctform", OPT_RCTFORM, 'F'},
+{"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
 {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
 {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
 {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
@@ -147,7 +147,8 @@ OPTIONS cms_options[] = {
  "Do not load certificates from the default certificates directory"},
 {"content", OPT_CONTENT, '<',
  "Supply or override content for detached signature"},
-{"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields 
of the CMS structure"},
+{"print", OPT_PRINT, '-', 
+ "For the -cmsout operation print out all fields of the CMS structure"},
 {"secretkey", OPT_SECRETKEY, 's'},
 {"secretkeyid", OPT_SECRETKEYID, 's'},
 {"pwri_password", OPT_PWRI_PASSWORD, 's'},
diff --git a/apps/crl.c b/apps/crl.c
index 5e0fbe5..06b6e5b 100644
--- a/apps/crl.c
+++ b/apps/crl.c
@@ -41,7 +41,7 @@ OPTIONS crl_options[] = {
 {"fingerprint", OPT_FINGERPRINT, '-', "Print the crl fingerprint"},
 {"crlnumber", OPT_CRLNUMBER, '-', "Print CRL number"},
 {"badsig", OPT_BADSIG, '-', "Corrupt last byte of loaded CRL signature 
(for test)" },
-{"gendelta", OPT_GENDELTA, '<'},
+{"gendelta", OPT_GENDELTA, '<', "Other CRL to compare/diff to the Input 
one"},
 {"CApath", OPT_CAPATH, '/', "Verify CRL using certificates in dir"},
 {"CAfile", OPT_CAFILE, '<', "Verify CRL using certificates in file name"},
 {"no-CAfile", OPT_NOCAFILE, '-',
diff --git a/apps/gendsa.c b/apps/gendsa.c
index 5dacf1b..4c05493 100644
--- a/apps/gendsa.c
+++ b/apps/gendsa.c
@@ -34,7 +34,7 @@ OPTIONS gendsa_options[] = {
 {OPT_HELP_STR, 1, '-', "Valid options are:\n"},
 {"help", OPT_HELP, '-', "Display this summary"},
 {"out", OPT_OUT, '>', "Output the key to the specified 

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3 (commit)
   via  12d56b2992ebd61e1b30c99ca1898dde42345cf7 (commit)
  from  9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c (commit)


- Log -
commit 28aef3d9558dc2e11ba56576b3a4d3faaef8a9d3
Author: FdaSilvaYY 
Date:   Sat Sep 17 21:29:48 2016 +0200

Remove an option related to a deprecated flag

CMS_NOOLDMIMETYPE and PKCS7_NOOLDMIMETYPE  are unused in pkcs7/cms code.

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1585)

commit 12d56b2992ebd61e1b30c99ca1898dde42345cf7
Author: FdaSilvaYY 
Date:   Sun Jul 31 19:02:50 2016 +0200

Fix various missing option help messages ...

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1585)

---

Summary of changes:
 apps/cms.c| 25 +++--
 apps/crl.c|  2 +-
 apps/gendsa.c |  2 +-
 apps/ocsp.c   |  6 --
 apps/pkcs7.c  |  2 +-
 apps/pkcs8.c  |  2 +-
 apps/smime.c  | 21 +
 apps/spkac.c  |  3 ++-
 apps/ts.c |  2 +-
 apps/x509.c   | 16 
 10 files changed, 39 insertions(+), 42 deletions(-)

diff --git a/apps/cms.c b/apps/cms.c
index b9eec24..133dc02 100644
--- a/apps/cms.c
+++ b/apps/cms.c
@@ -72,7 +72,7 @@ typedef enum OPTION_choice {
 OPT_ASCIICRLF, OPT_NOINTERN, OPT_NOVERIFY, OPT_NOCERTS,
 OPT_NOATTR, OPT_NODETACH, OPT_NOSMIMECAP, OPT_BINARY, OPT_KEYID,
 OPT_NOSIGS, OPT_NO_CONTENT_VERIFY, OPT_NO_ATTR_VERIFY, OPT_INDEF,
-OPT_NOINDEF, OPT_NOOLDMIME, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
+OPT_NOINDEF, OPT_CRLFEOL, OPT_NOOUT, OPT_RR_PRINT,
 OPT_RR_ALL, OPT_RR_FIRST, OPT_RCTFORM, OPT_CERTFILE, OPT_CAFILE,
 OPT_CAPATH, OPT_NOCAPATH, OPT_NOCAFILE,OPT_CONTENT, OPT_PRINT,
 OPT_SECRETKEY, OPT_SECRETKEYID, OPT_PWRI_PASSWORD, OPT_ECONTENT_TYPE,
@@ -99,7 +99,7 @@ OPTIONS cms_options[] = {
 {"decrypt", OPT_DECRYPT, '-', "Decrypt encrypted message"},
 {"sign", OPT_SIGN, '-', "Sign message"},
 {"sign_receipt", OPT_SIGN_RECEIPT, '-', "Generate a signed receipt for the 
message"},
-{"resign", OPT_RESIGN, '-'},
+{"resign", OPT_RESIGN, '-', "Resign a signed message"},
 {"verify", OPT_VERIFY, '-', "Verify signed message"},
 {"verify_retcode", OPT_VERIFY_RETCODE, '-'},
 {"verify_receipt", OPT_VERIFY_RECEIPT, '<'},
@@ -122,22 +122,21 @@ OPTIONS cms_options[] = {
  "Don't include signers certificate when signing"},
 {"noattr", OPT_NOATTR, '-', "Don't include any signed attributes"},
 {"nodetach", OPT_NODETACH, '-', "Use opaque signing"},
-{"nosmimecap", OPT_NOSMIMECAP, '-'},
+{"nosmimecap", OPT_NOSMIMECAP, '-', "Omit the SMIMECapabilities 
attribute"},
 {"binary", OPT_BINARY, '-', "Don't translate message to text"},
 {"keyid", OPT_KEYID, '-', "Use subject key identifier"},
 {"nosigs", OPT_NOSIGS, '-', "Don't verify message signature"},
 {"no_content_verify", OPT_NO_CONTENT_VERIFY, '-'},
 {"no_attr_verify", OPT_NO_ATTR_VERIFY, '-'},
-{"stream", OPT_INDEF, '-'},
-{"indef", OPT_INDEF, '-'},
-{"noindef", OPT_NOINDEF, '-'},
-{"nooldmime", OPT_NOOLDMIME, '-'},
-{"crlfeol", OPT_CRLFEOL, '-'},
+{"stream", OPT_INDEF, '-', "Enable CMS streaming"},
+{"indef", OPT_INDEF, '-', "Same as -stream"},
+{"noindef", OPT_NOINDEF, '-', "Disable CMS streaming"},
+{"crlfeol", OPT_CRLFEOL, '-', "Use CRLF as EOL termination instead of CR 
only" },
 {"noout", OPT_NOOUT, '-', "For the -cmsout operation do not output the 
parsed CMS structure"},
-{"receipt_request_print", OPT_RR_PRINT, '-'},
+{"receipt_request_print", OPT_RR_PRINT, '-', "Print CMS Receipt Request" },
 {"receipt_request_all", OPT_RR_ALL, '-'},
 {"receipt_request_first", OPT_RR_FIRST, '-'},
-{"rctform", OPT_RCTFORM, 'F'},
+{"rctform", OPT_RCTFORM, 'F', "Receipt file format"},
 {"certfile", OPT_CERTFILE, '<', "Other certificates file"},
 {"CAfile", OPT_CAFILE, '<', "Trusted certificates file"},
 {"CApath", OPT_CAPATH, '/', "trusted certificates directory"},
@@ -147,7 +146,8 @@ OPTIONS cms_options[] = {
  "Do not load certificates from the default certificates directory"},
 {"content", OPT_CONTENT, '<',
  "Supply or override content for detached signature"},
-{"print", OPT_PRINT, '-', "For the -cmsout operation print out all fields 
of the CMS structure"},
+{"print", OPT_PRINT, '-', 
+ "For the -cmsout operation print out all fields of the CMS structure"},
 {"secretkey", OPT_SECRETKEY, 's'},
 {"secretkeyid", OPT_SECRETKEYID, 's'},
 {"pwri_password", OPT_PWRI_PASSWORD, 's'},
@@ -346,9 

[openssl-commits] Broken: openssl/openssl#6076 (master - 9205ebe)

[Travis CI]

Build Update for openssl/openssl
-

Build: #6076
Status: Broken

Duration: 37 minutes and 46 seconds
Commit: 9205ebe (master)
Author: Matt Caswell
Message: Convert num_alloc to a size_t in stack.c and tweak style

We were casting num_alloc to size_t in lots of places, or just using it in
a context where size_t makes more sense - so convert it. This simplifies
the code a bit.

Also tweak the style in stack.c a bit following on from the previous
commit

Reviewed-by: Rich Salz 

View the changeset: 
https://github.com/openssl/openssl/compare/e2562bbbe1e1...9205ebeb8e44

View the full build log and details: 
https://travis-ci.org/openssl/openssl/builds/161179526

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Errored: FdaSilvaYY/openssl#1997 (fix-install-typo - 6e80e6c)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #1997
Status: Errored

Duration: 6 minutes and 39 seconds
Commit: 6e80e6c (fix-install-typo)
Author: FdaSilvaYY
Message: Update INSTALL about no-md5 removal

no-rsa is no longer an option since 7ec8de1

Fix a typo about poly1305

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/0522b75bf33b...6e80e6c37625

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/161114017

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Build completed: openssl 1.0.1277

[AppVeyor]

Build openssl 1.0.1277 completed



Commit 03aeb6a541 by FdaSilvaYY on 9/19/2016 9:36 PM:

Clean whitespaces on line ending


Configure your notification preferences

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Matt Caswell]

The branch master has been updated
   via  9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c (commit)
   via  9731a9ce7d0f404d21ed418f9bc983b174e130cb (commit)
  from  e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae (commit)


- Log -
commit 9205ebeb8e448b2d6948b9e5d78ecf309c0ed33c
Author: Matt Caswell 
Date:   Thu Sep 8 11:06:29 2016 +0100

Convert num_alloc to a size_t in stack.c and tweak style

We were casting num_alloc to size_t in lots of places, or just using it in
a context where size_t makes more sense - so convert it. This simplifies
the code a bit.

Also tweak the style in stack.c a bit following on from the previous
commit

Reviewed-by: Rich Salz 

commit 9731a9ce7d0f404d21ed418f9bc983b174e130cb
Author: Guido Vranken 
Date:   Thu Sep 8 10:43:37 2016 +0100

Prevent overflows in stack API

Reviewed-by: Rich Salz 
Reviewed-by: Matt Caswell 

---

Summary of changes:
 crypto/stack/stack.c | 53 +---
 1 file changed, 38 insertions(+), 15 deletions(-)

diff --git a/crypto/stack/stack.c b/crypto/stack/stack.c
index acd350a..1d01936 100644
--- a/crypto/stack/stack.c
+++ b/crypto/stack/stack.c
@@ -9,6 +9,7 @@
 
 #include 
 #include "internal/cryptlib.h"
+#include "internal/numbers.h"
 #include 
 #include 
 
@@ -16,7 +17,7 @@ struct stack_st {
 int num;
 const char **data;
 int sorted;
-int num_alloc;
+size_t num_alloc;
 OPENSSL_sk_compfunc comp;
 };
 
@@ -40,6 +41,9 @@ OPENSSL_STACK *OPENSSL_sk_dup(const OPENSSL_STACK *sk)
 {
 OPENSSL_STACK *ret;
 
+if (sk->num < 0)
+return NULL;
+
 if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
 return NULL;
 
@@ -62,13 +66,16 @@ OPENSSL_STACK *OPENSSL_sk_deep_copy(const OPENSSL_STACK *sk,
 OPENSSL_STACK *ret;
 int i;
 
+if (sk->num < 0)
+return NULL;
+
 if ((ret = OPENSSL_malloc(sizeof(*ret))) == NULL)
 return NULL;
 
 /* direct structure assignment */
 *ret = *sk;
 
-ret->num_alloc = sk->num > MIN_NODES ? sk->num : MIN_NODES;
+ret->num_alloc = sk->num > MIN_NODES ? (size_t)sk->num : MIN_NODES;
 ret->data = OPENSSL_zalloc(sizeof(*ret->data) * ret->num_alloc);
 if (ret->data == NULL) {
 OPENSSL_free(ret);
@@ -113,28 +120,44 @@ OPENSSL_STACK *OPENSSL_sk_new(OPENSSL_sk_compfunc c)
 
 int OPENSSL_sk_insert(OPENSSL_STACK *st, const void *data, int loc)
 {
-const char **s;
-
-if (st == NULL)
+if (st == NULL || st->num < 0 || st->num == INT_MAX) {
 return 0;
-if (st->num_alloc <= st->num + 1) {
-s = OPENSSL_realloc((char *)st->data,
-(unsigned int)sizeof(char *) * st->num_alloc * 2);
-if (s == NULL)
-return (0);
-st->data = s;
-st->num_alloc *= 2;
 }
-if ((loc >= (int)st->num) || (loc < 0))
+
+if (st->num_alloc <= (size_t)(st->num + 1)) {
+size_t doub_num_alloc = st->num_alloc * 2;
+
+/* Overflow checks */
+if (doub_num_alloc < st->num_alloc)
+return 0;
+
+/* Avoid overflow due to multiplication by sizeof(char *) */
+if (doub_num_alloc > SIZE_MAX / sizeof(char *))
+return 0;
+
+st->data = OPENSSL_realloc((char *)st->data,
+   sizeof(char *) * doub_num_alloc);
+if (st->data == NULL) {
+/*
+ * Reset these counters to prevent subsequent operations on
+ * (now non-existing) heap memory
+ */
+st->num_alloc = 0;
+st->num = 0;
+return 0;
+}
+st->num_alloc = doub_num_alloc;
+}
+if ((loc >= st->num) || (loc < 0)) {
 st->data[st->num] = data;
-else {
+} else {
 memmove(>data[loc + 1], >data[loc],
 sizeof(st->data[0]) * (st->num - loc));
 st->data[loc] = data;
 }
 st->num++;
 st->sorted = 0;
-return (st->num);
+return st->num;
 }
 
 void *OPENSSL_sk_delete_ptr(OPENSSL_STACK *st, const void *p)
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Rich Salz]

The branch master has been updated
   via  e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae (commit)
  from  057c676afb2a69b7d2bb9cf6e895e720a2a62b78 (commit)


- Log -
commit e2562bbbe1e1c68ec5a3e02c1f151fd6149ee2ae
Author: FdaSilvaYY 
Date:   Mon Sep 12 22:42:37 2016 +0200

Update INSTALL about no-md5 removal

no-rsa is no longer an option since 7ec8de1

Fix a typo about poly1305

Reviewed-by: Andy Polyakov 
Reviewed-by: Rich Salz 
(Merged from https://github.com/openssl/openssl/pull/1582)

---

Summary of changes:
 INSTALL | 7 +++
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/INSTALL b/INSTALL
index e3f47db..a6e8ea6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -479,10 +479,9 @@
   no-
Build without support for the specified algorithm, where
 is one of: bf, blake2, camellia, cast, chacha, cmac,
-   des, dh, dsa, ecdh, ecdsa, idea, md4, md5, mdc2, ocb,
-   ploy1305, rc2, rc4, rmd160, scrypt, seed or whirlpool. The
-   "ripemd" algorithm is deprecated and if used is synonymous
-   with rmd160.
+   des, dh, dsa, ecdh, ecdsa, idea, md4, mdc2, ocb, poly1305,
+   rc2, rc4, rmd160, scrypt, seed or whirlpool. The "ripemd"
+   algorithm is deprecated and if used is synonymous with 
rmd160.
 
   -Dxxx, -lxxx, -Lxxx, -fxxx, -mXXX, -Kxxx
These system specific options will be passed through to the
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] Fixed: FdaSilvaYY/openssl#1991 (check_bn_wexpand_retcode - 2c5e455)

[Travis CI]

Build Update for FdaSilvaYY/openssl
-

Build: #1991
Status: Fixed

Duration: 50 minutes and 22 seconds
Commit: 2c5e455 (check_bn_wexpand_retcode)
Author: FdaSilvaYY
Message: Add missing checks on BN_copy return value

View the changeset: 
https://github.com/FdaSilvaYY/openssl/compare/97667f6025ed...2c5e4556165c

View the full build log and details: 
https://travis-ci.org/FdaSilvaYY/openssl/builds/16935

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications

_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [openssl] master update

[Richard Levitte]

The branch master has been updated
   via  057c676afb2a69b7d2bb9cf6e895e720a2a62b78 (commit)
  from  81f9ce1e1965e0e33db6d2391285c4c1b6af0434 (commit)


- Log -
commit 057c676afb2a69b7d2bb9cf6e895e720a2a62b78
Author: Richard Levitte 
Date:   Mon Sep 19 15:08:58 2016 +0200

Fix no-ocsp

Some compilers complain about unused variables, and some tests do
not run well without OCSP.

Reviewed-by: Rich Salz 

---

Summary of changes:
 apps/s_client.c|  7 ++-
 apps/s_server.c| 11 ++-
 test/recipes/80-test_ssl_new.t |  4 +++-
 3 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/apps/s_client.c b/apps/s_client.c
index 0627ae8..41f6d48 100644
--- a/apps/s_client.c
+++ b/apps/s_client.c
@@ -856,7 +856,10 @@ int s_client_main(int argc, char **argv)
 enum { use_inet, use_unix, use_unknown } connect_type = use_unknown;
 int count4or6 = 0;
 int c_nbio = 0, c_msg = 0, c_ign_eof = 0, c_brief = 0;
-int c_tlsextdebug = 0, c_status_req = 0;
+int c_tlsextdebug = 0;
+#ifndef OPENSSL_NO_OCSP
+int c_status_req = 0;
+#endif
 BIO *bio_c_msg = NULL;
 
 FD_ZERO();
@@ -1067,7 +1070,9 @@ int s_client_main(int argc, char **argv)
 c_tlsextdebug = 1;
 break;
 case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
 c_status_req = 1;
+#endif
 break;
 case OPT_WDEBUG:
 #ifdef WATT32
diff --git a/apps/s_server.c b/apps/s_server.c
index ebab7a2..2051459 100644
--- a/apps/s_server.c
+++ b/apps/s_server.c
@@ -932,7 +932,10 @@ int s_server_main(int argc, char *argv[])
 const char *s_cert_file = TEST_CERT, *s_key_file = NULL, *s_chain_file = 
NULL;
 const char *s_cert_file2 = TEST_CERT2, *s_key_file2 = NULL;
 char *s_dcert_file = NULL, *s_dkey_file = NULL, *s_dchain_file = NULL;
-int s_tlsextstatus = 0, no_resume_ephemeral = 0;
+#ifndef OPENSSL_NO_OCSP
+int s_tlsextstatus = 0;
+#endif
+int no_resume_ephemeral = 0;
 unsigned int split_send_fragment = 0, max_pipelines = 0;
 const char *s_serverinfo_file = NULL;
 
@@ -1206,14 +1209,20 @@ int s_server_main(int argc, char *argv[])
 s_tlsextdebug = 1;
 break;
 case OPT_STATUS:
+#ifndef OPENSSL_NO_OCSP
 s_tlsextstatus = 1;
+#endif
 break;
 case OPT_STATUS_VERBOSE:
+#ifndef OPENSSL_NO_OCSP
 s_tlsextstatus = tlscstatp.verbose = 1;
+#endif
 break;
 case OPT_STATUS_TIMEOUT:
+#ifndef OPENSSL_NO_OCSP
 s_tlsextstatus = 1;
 tlscstatp.timeout = atoi(opt_arg());
+#endif
 break;
 case OPT_STATUS_URL:
 #ifndef OPENSSL_NO_OCSP
diff --git a/test/recipes/80-test_ssl_new.t b/test/recipes/80-test_ssl_new.t
index 46c2f42..47eab18 100644
--- a/test/recipes/80-test_ssl_new.t
+++ b/test/recipes/80-test_ssl_new.t
@@ -44,6 +44,7 @@ my $no_npn = disabled("nextprotoneg");
 my $no_ct = disabled("ct");
 my $no_ec = disabled("ec");
 my $no_ec2m = disabled("ec2m");
+my $no_ocsp = disabled("ocsp");
 
 # Add your test here if the test conf.in generates test cases and/or
 # expectations dynamically based on the OpenSSL compile-time config.
@@ -70,7 +71,8 @@ my %skip = (
   # We should review this once we have TLS 1.3.
   "13-fragmentation.conf" => disabled("tls1_2"),
   "14-curves.conf" => disabled("tls1_2") || $no_ec || $no_ec2m,
-  "16-dtls-certstatus.conf" => $no_dtls
+  "15-certstatus.conf" => $no_ocsp,
+  "16-dtls-certstatus.conf" => $no_dtls || $no_ocsp,
 );
 
 foreach my $conf (@conf_files) {
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits

[openssl-commits] [web] master update

[Mark J . Cox]

The branch master has been updated
   via  08e980caee8d6252b0838e9924498db12083203b (commit)
  from  7257962abfb8d49deb3b9831fa6eeb7068284246 (commit)


- Log -
commit 08e980caee8d6252b0838e9924498db12083203b
Author: Mark J. Cox 
Date:   Mon Sep 19 14:00:52 2016 +0100

Add link to upcoming releases

---

Summary of changes:
 news/newsflash.txt | 1 +
 1 file changed, 1 insertion(+)

diff --git a/news/newsflash.txt b/news/newsflash.txt
index 4cad2ef..0a90069 100644
--- a/news/newsflash.txt
+++ b/news/newsflash.txt
@@ -4,6 +4,7 @@
 # Format is two fields, colon-separated; the first line is the column
 # headings.  URL paths must all be absolute.
 Date: Item
+19-Sep-2016: OpenSSL 1.1.0a, 1.0.2i, 1.0.1u https://mta.openssl.org/pipermail/openssl-announce/2016-September/76.html;>security
 releases due 22nd Sep 2016
 25-Aug-2016: OpenSSL 1.1.0 is now available
 04-Aug-2016: Beta 3 (pre-release 6) of OpenSSL 1.1.0 is now available: please 
download and test it
 03-May-2016: Security Advisory: 
several security fixes
_
openssl-commits mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-commits